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DETAILED ACTION 

1 An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 

with Davin M. Stockwell on June 22, 2006. 

Claims: 

Claim 40: 

- On line 13, "and" has been deleted. 

- On line 20, "providing the network address of the second network device to the 
first network device," has been replaced with - - broadcasting the network address of 
the second network device to the first network device, - - 

- At the end of the claim, insert "; and a firewall system that identifies suspect 
information packets received from the first network device, said switching 
system directing the information packets to the second network device via 
said firewall system, wherein said traffic analysis system determines whether 
the suspect information packets are problematic and, if said traffic analysis 
system determines that the suspect information packets are problematic, 
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inhibits said switching system from broadcasting the network address of the 
second network device to the first network device". 

Claims 54 and 55 have been canceled. 

Claim 56: 

- On line 6, "and" has been deleted. 

- On lines 12-13, "providing the network address of the second network device to 
the first network device" has been replaced with - - broadcasting the network address of 
the second network device to the first network device - - 

- At the end of the claim, insert "; and said activity monitoring system includes: a 
route arbitration system that monitors the information packets received by said 
switching system, said route arbitration system determining whether the 
information packets comprise abnormal network activity in accordance with a first 
information packets comprise abnormal network activity, identifying the 
information packets are being abnormal information packets; and a traffic 
analysis system that monitors the abnormal information packets identified by said 
route arbitration system, said analysis system determining whether the abnormal 
information packets comprises the problematic information packets in 
accordance with a second predetermined criteria and, if said traffic analysis 
system determines that the abnormal information packets comprise the 
problematic information packets, inhibiting said switching system from providing 
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the network information packets, inhibiting said switching system from 
broadcasting the network address of the second network device to the first 
network device" 

Claim 59 has been canceled. 

Claim 60: 

- On line 12, "and" has been deleted. 

- On lines 1 0-20, "providing the network address of said protected network device 
to the external network device" has been replaced with - - broadcasting the 
network address of said protected network device to the external network device 

- At the end of the claim, insert "; and a firewall system that identifies suspect 
information packets received from the external network device, said switching 
system directing the information packets to the protected network device via said 
firewall system, said traffic analysis system determining whether the suspect 
information packets are problematic and, if said traffic analysis system 
determines that the suspect information packets are problematic, inhibiting said 
switching system from broadcasting the network address of the protected 
network device to the external network device" 



Claim 69 has been canceled. 
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Claim 71: 

- On line 14, "and" has been deleted. 

- On lines 18-19, "providing the network address of said second network device to 
the first network device" has been replaced with - - broadcasting the network 
address of said second network device to the first network device - - 

- At the end of the claim, insert "; and a firewall system that identifies suspect 
information packets received from the external network device, said switching 
system directing the information packets to the protected network device via said 
firewall system, said monitoring system determining whether the suspect 
information packets are problematic and, if said monitoring system determines 
that the suspect information packets are problematic, inhibiting said switching 
system from broadcasting the network address of the protected network device 
to the external network device". 

Claim 77: 

- On line 9, "and" has been deleted. 

- On lines 13-14, "providing the network address of said second device to the first 
network device" has been replaced with - - broadcasting the network address of 
said second device to the first network device - -. 

- At the end of the claim, insert "; and a firewall system that identifies suspect 
information packets received from the external network device, said switching 
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System directing the information packets to the protected network device via said 
firewall system, said monitoring system determining whether the suspect 
information packets are problematic and if said monitoring system determines 
that the suspect information packets are problematic, inhibiting said switching 
system from broadcasting the network address of the protected network device 
to the external network device". 

Claims 79 and 80 have been canceled. 

Allowable Subject Matter 

2. The following is an examiner's statement of reasons for allowance: 

The claimed invention is directed to detection of fraudulent requests and 
eradicates the request from attacking the target network resource. The detection 
system and method monitor the incoming network activities arriving at the network 
devices such as routers and firewalls and determining whether abnormal activities or 
traffic patterns are emerging the devices. If a determination is made that the patterns 
exist, the monitoring system responds by blocking the activity or redirecting the traffic. 

The closest prior art, Shanklin et al., teach an intrusion detection system with 
load balancing for high-speed networks. The system detects unauthorized signatures to 
or from local network and connected at an internetworking device such as a router or a 
switch. Shanklin et al. teach after detection of unauthorized activities exist, the system 
response by taking appropriate actions such as disconnect the network communication. 
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Shanklin et al do not disclose the detail of specific appropriate functionality the network 
would take in response to the detection except terminating the connection. Applicant 
claims the unique features of a router arbiter and a firewall for redirecting the abnormal 
traffic to the traffic analyzer to further determine whether the abnormal information 
packets are problematic in accordance to different set of criteria, if problematic 
information packets is determined to exist, inhibiting the switching system from 
broadcasting the network address to the offending device. The network device as 
claimed is interpreted in light of the Specification to be a router or a firewall. The art of 
record does not singularly or in combination anticipate or render the claimed limitation 
obvious. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 



Conclusion 



3 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tongoc Tran whose telephone number is (571) 272- 
3843. The examiner can normally be reached on 8:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jacques Louis-Jacques can be reached on (571) 272-^962. The fax phone 
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number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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